Be Alert, Be Wary, and Be Informed
• This presentation highlights federal, state, association, advocacy, corporate, commercial and news related resources providing reliable data that addresses the issues of spam, fraudulent website claims and offers, and attempts to obtain personal data to perpetrate ID theft. • Websites and resources have been selected based on authority and topical relevance. We welcome your suggestions and recommendations for relevant sites not mentioned, for inclusion in this guide.

Barbara J. Fullerton & Sabrina I. Pacifici

Is This Spam?

Barbara J. Fullerton & Sabrina I. Pacifici

This is Spam…
• Unsolicited Commercial Email (UCE), also known as "spam" or "junk email" – Email that is “unwanted, “inappropriate” and no longer wanted…” http://www.clickz.com/experts/em_mkt/em _mkt/article.php/1492521

The Difficulties of Tracing Spam Email – Report prepared at request of FTC

Barbara J. Fullerton & Sabrina I. Pacifici

Example: Spam Reduction Policy
This is one of a number of internet and extranet sites (each, a “Practice Website”) accessed through the Internet and sponsored, owned, controlled and/or maintained by Mayer, Brown, Rowe & Maw (which is a combination of two limited liability partnerships, each named Mayer, Brown, Rowe & Maw LLP, one established in Illinois, USA, and one incorporated in England) (together with all owned or controlled subsidiaries and affiliates thereof (collectively, the “Practice”)) whose principal place of business in the United States of America is 190 South LaSalle Street, Chicago, Illinois 60603-3441. Introduction Receipt of Unsolicited Bulk Email (UBE also known as "spam") is a growing concern for Email users at the Practice. This document provides a description of what the Practice is doing about it, why and how that affects senders. • This document serves several purposes and addresses several types of readers. 1. The user who wants to know what the Practice is doing about spam. 2. The legitimate user who finds that he/she is no longer able to send Email to a Practice user https://registration.mayerbrownrowe.com/registration/helpcenter/spam.asp
Barbara J. Fullerton & Sabrina I. Pacifici

What Companies are Doing
• AMERICAN EXPRESS - How to Contact American Express about Fraudulent E-Mails • If you receive an e-mail that you believe could be fraudulent, immediately forward it to [email protected] Please do not forward the e-mail as an attachment. Please note that any submissions to this email address will result in an autogenerated reply to notify you that we have received your e-mail. If we find it to be fraudulent, we will immediately take appropriate action. For consumers requiring additional assistance, please contact us at Contact American Express
– http://www10.americanexpress.com/sif/cda /page/0,1641,21372,00.asp

The Good Old Days… Where are the Hackers?
Hackers now chase money… not just the thrill of breaking into a website.

What is Phishing? --- listening to music by the band called Phish --- a hobby, sport or recreation involving the ocean, rivers or streams…nope “Fishing for personal information” • Use “spoofed” e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. – Anti-Phishing Working Group http://www.antiphishing.org/
Barbara J. Fullerton & Sabrina I. Pacifici

Example of Phishing
From: Customer Support [mailto:[email protected]] Sent: Thursday, October 07, 2004 7:53 PM To: Eilts Subject: NOTE! Citibank account suspend in process Dear Customer: Recently there have been a large number of cyber attacks pointing our database servers. In order to safeguard your account, we require you to sign on immediately. This personal check is requested of you as a precautionary measure and to ensure yourselves that everything is normal with your balance and personal information. This process is mandatory, and if you did not sign on within the nearest time your account may be subject to temporary suspension. Please make sure you have your Citibank(R) debit card number and your User ID and Password at hand. Please use our secure counter server to indicate that you have signed on, please click the link bellow: http://211.158.34.249/citifi/. Note that we have no particular indications that your details have been compromised in any way. Thank you for your prompt attention to this matter and thank you for using Citibank(R) Regards, Citibank(R) Card Department (C)2004 Citibank. Citibank, N.A., Citibank, F.S.B., Citibank (West), FSB. Member FDIC.Citibank and Arc
Barbara J. Fullerton & Sabrina I. Pacifici

What is ID Theft?
“Identity theft is a crime in which an imposter obtains key pieces of information such as Social Security and driver's license numbers and uses it for their own personal gain.” ID Theft Resource Center http://www.idtheftcenter.org/index.shtml

Barbara J. Fullerton & Sabrina I. Pacifici

Preventing ID Theft tips from CNN.com & FTC.gov
• Find out how your information will be used • Pay attention to your billing cycles • Put passwords on all your accounts • Minimize the ID information & number of cards you carry • Find out who has access to your PI at work and verify records are kept in a secure location • Legitimate organizations with whom you do business have the info needed & should not ask you for it • Give your SSN only when absolutely necessary • Order a copy of your credit report from the 3 major credit reporting agencies • Use one credit card for Internet purchases. Minimum amount.

Barbara J. Fullerton & Sabrina I. Pacifici

Barbara J. Fullerton & Sabrina I. Pacifici

http://www.bespacific.com/mt/archives/cat_id_theft.html

Barbara J. Fullerton & Sabrina I. Pacifici

Federal Legislation on ID Theft
• Identity Theft Penalty Enhancement Act (ITPEA), signed by the President on July 15, 2004 - To amend title 18, United States Code, to establish penalties for aggravated identity theft, and for other purposes.

– The President’s remarks upon signing the bill: http://www.whitehouse.gov/news/releases/2004/07/20040715-3.htm – The text of the bill: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.01731: For Reference, see also the Fair and Accurate Credit Transactions Act of 2003, H.R.2622, To amend the Fair Credit Reporting Act, to prevent identity theft, improve resolution of consumer disputes, improve the accuracy of consumer records, make improvements in the use of, and consumer access to, credit information, and for other purposes. Became Public Law No: 108-159. http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.02622:
Barbara J. Fullerton & Sabrina I. Pacifici

Security Freeze to Prevent ID Theft
• Your file cannot be shared with potential creditors. Most businesses will not open credit accounts without checking a consumer's credit history first. • Must write to all 3 credit companies; set-up with PIN • You can order a credit report, but no one else can • Only available in 2 states
– California and Texas – Louisiana and Vermont make it available July 2005 – See this AP article, Credit bureaus shun identity theft weapon, http://msnbc.msn.com/id/5841962/, for more details

• Only you can unfreeze it • Used only in extreme measures • Fee for lifting the freeze: $10-$15 for each transaction
Barbara J. Fullerton & Sabrina I. Pacifici

At Home: Preventing ID Theft
• If you are buying a new computer, you need to take the following steps to prevent your information from being stolen from your old computer
– Clean your disk – Destroy that hard drive, or remove it – Donate rest of computer to charity or recycle it

Don’t Like those Nasty PreApproved Credit Card Offers?
Opt Out! 1-888-5OPTOUT Good for 2 years or permanent

What is Spyware?
Any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties.
Defined by searchCRM.com
Barbara J. Fullerton & Sabrina I. Pacifici

What is Adware?
Any software application in which advertising banners are displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen.
Defined by searchSmallBizIT.com, http://searchsmallbizit.techtarget.com/
Barbara J. Fullerton & Sabrina I. Pacifici

Resources on Spyware
• • Who Downloaded the Spyware? Not Me! by Chris Hayes, May 24, 2004, http://www.llrx.com/features/spyware.htm Spyware: What You Don't Know Can Hurt You, Hearing by the Subcommittee on Commerce, Trade, and Consumer Protection, April 29, 2004, Link to Witness List & Prepared Testimony, Related Documents and Bills,
http://energycommerce.house.gov/108/Hearings/04292004hearing1255/hearing.htm